1. Field of the Invention
This invention relates to the field of customer and draft authentication in electronic commerce (hereafter “e-commerce”). More particularly, the present invention relates to methods and systems that allow a single sign-on authentication of customers in a multi-vendor e-commerce environment and to methods and systems for directory authentication of electronic bank drafts.
2. Description of the Related Art
The network of computers and networks commonly known as the Internet, initially developed as a military and academic communications tool, has now matured into a global communications medium. The explosive growth of the Internet, together with the increasingly ubiquitous availability of high bandwidth access thereto, has spurred efforts in adapting this medium for commercial purposes. The twin developments of the World Wide Web (hereafter “Web”) and the software tools for navigating the Web known as “browsers” have been instrumental in facilitating popular acceptance of the buying and selling of goods and services on the Internet. Currently, a person wishing to buy goods and/or services on the Web (hereafter “Web customer”) must first find the Universal Resource Locator (hereafter “URL”) of the merchant of interest (hereafter “Web vendor”), typically using a search engine or a portal. Alternatively, the user may learn the URL of a vendor from an advertisement or may store the URL obtained through whatever source and visit the vendor site directly without going through a portal or search engine. Thereafter, the Web customer must navigate to the Web vendor's Web site, using his or her Web browser. After selecting the product the Web customer wishes to purchase, the Web customer is typically invited to fill out a lengthy electronic form on the Web vendor's site. Such electronic forms usually request personal and confidential information, including at least the user's name, address, telephone numbers, email address, and credit card information. Often, the Web customer is requested or invited to select a personal and unique identification tag (hereafter “ID”) and a password. Such ID and password pairs may then allow the Web customer to bypass much of the data entry in the Web vendor's electronic form upon his or her next visit to the Web vendor's site. This, however, entails that the Web vendor collects and stores the personal and billing information for each Web customer. Although the majority of Web vendors may carefully secure and safeguard this wealth of personal information, the possibility exists that such information may be used for purposes other than originally contemplated by the Web customer. Credit or charge card information is particularly sensitive to fraud and misuse. Indeed, a stolen (or misappropriated) but otherwise valid credit card number may readily be fraudulently used to purchase goods or services over the Web, due to the lack (or widely disparate nature) of security measures deployed by Web vendors to prevent such credit or charge card fraud. Such fraud is detrimental to all involved parties, including the credit card issuers the Web customers as well as the Web vendors, who must expend time and energy processing customer complaints. The financial loss from credit card affects both credit card issuers as well as the customer; the major loss, however, may be experienced by the merchant who has parted with the goods and has had the charge disallowed by the credit card issuer. For the merchant, this loss is a major disadvantage in the use of credit cards for e-commerce.
However, it is not only the Web customer's credit card information that may be stolen. Potentially far more damaging is the possibility of what may be called identity theft, the misappropriation and misuse of a person's personal and financial information. The specter of identity theft is looming ever larger, as these Web-based electronic forms provide a prepackaged, one-stop shopping source of highly detailed confidential information to unscrupulous individuals having access thereto. Although the vast majority of Web vendors are honorable and have established procedures aimed to thwart identity theft, the sheer proliferation of Web vendors on the Internet virtually ensures that such thefts will become increasingly commonplace.
Perhaps less actionable (but just as frustrating) is the possibility of what may be termed “identity confusion”. Here, one person may be confused for another and their respective personal information may be substituted or merged with one another. For example, a Web vendor or credit agency may mistakenly merge two records of two identically named but separate persons. Again, this problem can only be exacerbated by the proliferation of Web vendors on the Internet, each requesting, warehousing and perhaps mining and/or selling the personal and financial information obtained from their Web customers.
This proliferation of Web vendors also means that Web customers are repeatedly requested to select a great many separate ID's and passwords pairs, one for each Web vendor. It may become difficult, therefore, for the Web customer to remember these ID-password pairs and/or to associate a particular ID-password pair with a particular Web vendor. Some Web customers resort to selecting a single ID-password pair and using that single ID-password pair for all of the Web vendors with whom they conduct business. This, however, is a less than satisfactory solution, as such Web customers are more vulnerable to fraud should the single ID-password pair be misappropriated.
The perceived lack of security, simplicity and homogeneity in the data collection across Web vendors operate as barriers to entry into e-commerce, discouraging many potential customers from purchasing goods and services on line. Web customers, therefore, have an interest in promoting simple, homogeneous and secure Web-based transactions. What are needed, therefore, are methods and systems that allow financial transactions to be carried out on the Internet or other network in a manner that is simple, homogeneous across Web vendors and conducted in a manner that ensures the integrity and security of the Web customers' personal and financial information.
The interests of Web vendors are generally aligned with those of their customers, in that Web vendors have an interest in promoting simple and secure e-commerce, so as to attract the greatest possible number of customers to their site. If an alternative to the indiscriminate collection of customer's personal and financial information is to be implemented, Web vendors must be confident that they will be indeed paid for the goods or services they provide. What are needed, therefore, are methods and systems that will promote the interests of Web vendors and provide them with the complete assurance that they will be paid for the goods and services sold from their Web sites in a timely manner.
Curiously enough, banks thus far have not been an integral party to Web customer Web vendor transactions. Indeed, although the money is ultimately debited from the Web customer's bank account, or charged to his or her credit or charge card, the customer's bank or other financial institution has not typically been actively involved in e-commerce transactions, as such transactions are conventionally structured. What are also needed, therefore, are methods and systems that include financial institutions such as banks as integral and central participants in e-commerce transactions.